PassLeader

Leader of IT Certifications 



CCIE Security Written Exam v4.0 (350-018) 

QUESTION 21 

Which method of output queuing is supported on the Cisco ASA appliance? 

A. CBWFQ 

B. priority queuing 

C. MDRR 

D. WFQ 

E. custom queuing 
Answer: B 
QUESTION 22 

Which four values can be used by the Cisco IPS appliance in the risk rating calculation? (Choose 
four.) 

A. attack severity rating 

B. target value rating 

C. signature fidelity rating 

D. promiscuous delta 

E. threat rating 

F. alert rating 

Answer: ABCD 
QUESTION 23 

Which three authentication methods does the Cisco IBNS Flexible Authentication feature support? 
(Choose three.) 

A. cut-through proxy 

B. dot1x

C. MAB 

D. SSO 

E. web authentication 
Answer: BCE 
QUESTION 24 

Troubleshooting the web authentication fallback feature on a Cisco Catalyst switch shows that 
clients with the 802.1X supplicant are able to authenticate, but clients without the supplicant are
not able to use web authentication. Which configuration option will correct this issue? 

A. switch(config)# aaa accounting auth-proxy default start-stop group radius 

B. switch(config-if)# authentication host-mode multi-auth 

C. switch(config-if)# webauth 

D. switch(config)# ip http server 

E. switch(config-if)# authentication priority webauth dot1x
Answer: D 

QUESTION 25 

Which option on the Cisco ASA appliance must be enabled when implementing botnet traffic
filtering? 

A. HTTP inspection 

B. static entries in the botnet blacklist and whitelist 

C. global ACL 

D. NetFlow 

E. DNS inspection and DNS snooping 
Answer: E 

QUESTION 26 

Which signature engine is used to create a custom IPS signature on a Cisco IPS appliance that 
triggers when a vulnerable web application identified by the "/runscript.php" URI is run? 

A. AIC HTTP 

B. Service HTTP 

C. String TCP 

D. Atomic IP 

E. META 

F. Multi-String 

Answer: B 
QUESTION 27 

With the Cisco FlexVPN solution, which four VPN deployments are supported? (Choose four.) 

A. site-to-site IPsec tunnels

B. dynamic spoke-to-spoke IPsec tunnels (partial mesh)

C. remote access from software or hardware IPsec clients

D. distributed full mesh IPsec tunnels

E. IPsec group encryption using GDOI

F. hub-and-spoke IPsec tunnels

Answer: ABCF 
QUESTION 28 

Which four techniques can you use for IP management plane security? (Choose four.) 

A. Management Plane Protection 

B. uRPF 

C. strong passwords 

D. RBAC 

E. SNMP security measures 

F. MD5 authentication 

Answer: ACDE 
QUESTION 29 

Which three statements about remotely triggered black hole filtering are true? (Choose three.) 

A. It filters undesirable traffic.

B. It uses BGP or OSPF to trigger a network-wide remotely controlled response to attacks. 

C. It provides a rapid-response technique that can be used in handling security-related events 
and incidents. 

D. It requires uRPF. 

Answer: ACD 
QUESTION 30 

Which three statements about Cisco Flexible NetFlow are true? (Choose three.) 

A. The packet information used to create flows is not configurable by the user. 

B. It supports IPv4 and IPv6 packet fields. 

C. It tracks all fields of an IPv4 header as well as sections of the data payload. 

D. It uses two types of flow cache, normal and permanent. 

E. It can be a useful tool in monitoring the network for attacks. 

Answer: BCE 
QUESTION 31 

During a computer security forensic investigation, a laptop computer is retrieved that requires 
content analysis and information retrieval. Which file system is on it, assuming it has the default 
installation of Microsoft Windows Vista operating system? 

A. HSFS 

B. WinFS 

C. NTFS 

D. FAT 

E. FAT32 

Answer: C 
QUESTION 32 

Which three statements about the IANA are true? (Choose three.) 

A. IANA is a department that is operated by the IETF. 

B. IANA oversees global IP address allocation. 

C. IANA managed the root zone in the DNS. 

D. IANA is administered by the ICANN. 

E. IANA defines URI schemes for use on the Internet. 

Answer: BCD 
QUESTION 33 

What does the Common Criteria (CC) standard define? 

A. The current list of Common Vulnerabilities and Exposures (CVEs) 

B. The U.S. standards for encryption export regulations

C. Tools to support the development of pivotal, forward-looking information system technologies 




D. The international standards for evaluating trust in information systems and products 

E. The international standards for privacy laws 

F. The standards for establishing a security incident response system 

Answer: D 
QUESTION 34 

Which three types of information could be used during the incident response investigation phase? 
(Choose three.) 

A. NetFlow data

B. SNMP alerts 

C. encryption policy 

D. syslog output 

E. IT compliance reports 

Answer: ABD 
QUESTION 35 

Which of the following best describes Chain of Evidence in the context of security forensics? 

A. Evidence is locked down, but not necessarily authenticated. 

B. Evidence is controlled and accounted for to maintain its authenticity and integrity. 

C. The general whereabouts of evidence is known. 

D. Someone knows where the evidence is and can say who had it if it is not logged. 
Answer: B 

QUESTION 36 

Which option is a benefit of implementing RFC 2827? 

A. prevents DoS from legitimate, non-hostile end systems 

B. prevents disruption of special services such as Mobile IP 

C. defeats DoS attacks which employ IP source address spoofing 

D. restricts directed broadcasts at the ingress router 

E. allows DHCP or BOOTP packets to reach the relay agents as appropriate 
Answer: C 

QUESTION 37 

Which of the following provides the features of route summarization, assignment of contiguous 
blocks of addresses, and combining routes for multiple classful networks into a single route? 

A. classless interdomain routing 

B. route summarization 

C. supernetting 

D. private IP addressing 

Answer: A 

QUESTION 38

Aggregate global IPv6 addresses begin with which bit pattern in the first 16-bit group? 

A. 000/3 

B. 001/3 

C. 010/2 

D. 011/2 

Answer: B 
QUESTION 39 

Which layer of the OSI reference model typically deals with the physical addressing of interface 
cards? 

A. physical layer 

B. data-link layer 

C. network layer 

D. host layer 

Answer: B 
QUESTION 40 

Which statement best describes a key difference in IPv6 fragmentation support compared to IPv4? 

A. In IPv6, IP fragmentation is no longer needed because all Internet links must have an IP MTU of 
1280 bytes or greater. 

B. In IPv6, PMTUD is no longer performed by the source node of an IP packet. 

C. In IPv6, IP fragmentation is no longer needed since all nodes must perform PMTUD and send packets 
equal to or smaller than the minimum discovered path MTU. 

D. In IPv6, PMTUD is no longer performed by any node since the don't fragment flag is removed from 
the IPv6 header. 

E. In IPv6, IP fragmentation is performed only by the source node of a large packet, and not by any other 
devices in the data path. 

Answer: E 